CVE-2025-27152
EUVD-2025-7731
07.03.2025, 16:15
axios is a promise-based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative URLs to axios. Even if baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios. This issue is fixed in 1.8.2.
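A caller-side guard for the behaviour described above, as an added example (not axios code and not taken from the advisory): the hypothetical helper `resolveUnderBase` refuses absolute and protocol-relative input before it reaches an HTTP client and confirms the result stays on the `baseURL` origin. The host names and sample inputs are constructed.

```javascript
'use strict';

// Hypothetical helper (not part of axios): build the final URL from a trusted
// baseURL and an untrusted path, refusing input that would leave the base origin.
function resolveUnderBase(baseURL, requested) {
  if (typeof requested !== 'string') {
    throw new TypeError('requested URL must be a string');
  }
  const base = new URL(baseURL); // throws if the configured base is itself invalid

  // Reject "scheme:..." as well as "//host" and "\\host"; URL parsers treat
  // backslashes like slashes for http(s). Conservative: "a:b" is refused too.
  if (/^[a-z][a-z\d+\-.]*:/i.test(requested) || /^[\\/]{2}/.test(requested)) {
    throw new Error(`absolute URL rejected: ${JSON.stringify(requested)}`);
  }

  // Join by string concatenation so the base path is always kept.
  const joined = base.href.replace(/\/+$/, '') + '/' + requested.replace(/^\/+/, '');
  const resolved = new URL(joined);

  // Defense in depth: the parsed result must still be on the base origin.
  if (resolved.origin !== base.origin) {
    throw new Error(`origin changed: ${resolved.origin}`);
  }
  return resolved.href;
}

// Constructed sample inputs: one legitimate path and forms that must be refused.
const BASE = 'https://api.internal.example/v1/';
const SAMPLES = ['users/42', 'http://attacker.example/x', '//attacker.example/x',
                 '\\\\attacker.example/x'];

function checkSamples() {
  return SAMPLES.map((input) => {
    try {
      return { input, ok: true, url: resolveUnderBase(BASE, input) };
    } catch (err) {
      return { input, ok: false, reason: err.message };
    }
  });
}

console.log(checkSamples());
```

A guard like this complements, and does not replace, moving to the fixed release named above.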
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| axios | axios | 𝑥 < 0.30.0 |
| axios | axios | 1.0.0 ≤ 𝑥 ≤ 1.7.9 |
𝑥 = Vulnerable software versions
Debian Releases
openSUSE / SLES Releases
| openSUSE Product |
|---|
| pgadmin4 |
| pgadmin4-doc |
| pgadmin4-web |
| system-user-pgadmin |